Information Technology (IT) has become an essential part of business operations by streamlining systems and reducing paperwork. As many businesses now rely so heavily on IT, there are risks to consider should something go wrong.
If you own or manage a business that uses IT, it's important to identify risks to your IT systems and data so that you can reduce or manage those risks, and to develop a response plan in the event of an IT crisis. Business owners have legal obligations in relation to privacy, electronic transactions, and staff training that influence IT risk management strategies. IT risks include hardware and software failure, human error, spam, viruses and malicious attacks, as well as natural disasters such as fires, cyclones or floods. By looking at how your business uses IT, you can:
Developing a risk management plan will help you to identify areas of potential risk in your business continuity plan.
This template includes these 3 sections:
Use this page to consider your IT risk, then complete the 3 sections of the template. Download the business continuity planning template.
Consider how IT is used within your business.
Do you do any of the following?
Do you manage business taxation? For example:
MyGovID connects with a broad range of business services, including:
Do you use any of the following?
Do you use online stores to do the following?
Do you use software that is:
Software examples are:
Do you use social media sites for:
Do you use a point-of-sale system to receive payments from customers?
Is your telephone system connected via the internet?
Do you have a non-mobile connection to the internet for email and internet activities?
Do you use a mobile phone for communication, email, photographs, or apps for the business?
Do you use a computer for a broad range of business operations such as administration or graphic design?
Using IT helps businesses to complete tasks faster and more efficiently. Using IT, however, can introduce the risk of a serious IT failure that may result in the business needing to cease trading. Identifying types of risk will help you complete your business continuity plan.
Cash transactions are much less common than they were in the past. Today, customers may not carry any cash into a retail environment and it's this change in behaviour that can cause a trading risk for a business. Any unexpected internet outage may impact the Point of Sale (POS) facilities. Adding to this risk is the reduction in the number of cash outlets, such as ATMs, available to withdraw cash. Preparing for IT outages and having a plan in place to continue trading makes financial sense.
These IT risks could impact your business:
A small business changed its telephone system to use the internet for telephone calls using VOIP (Voice over Internet Protocol). The VOIP provider experienced flooding and their servers and network were not operational for several days. No customers were able to contact the business on the VOIP telephones which resulted in several days of lost trade. Read more about Information technology (IT) threat preparation for small business on our Small Business Disaster Hub.
Specific or targeted criminal threats to IT systems and data include:
Payment fraud is when cybercriminals steal business credentials and trick creditors into misdirecting their bill payments. The owner of a building business sent an invoice to a customer for payment. Cybercriminals gained access to the builder's emails and were able to change the invoice details to another bank account. The customer received what appeared to be a normal email from the builder with the invoice attached and therefore paid the bill; however, the payment went into the criminal's account. It was only when the builder rang the customer asking why they had not paid that the crime was revealed. Read more about:
To help identify risks and worst-case scenarios, ask 'what if?' questions with your staff, business mentor, or advisers. What if:
Managing IT risk with policies and procedures
The Prevention, Preparedness, Response, Recovery (PPRR) risk management model identifies risks to include in your business's policies and procedures. By preparing policies and procedures that all staff can follow, you can reduce or prevent IT risk.
Policies and procedures to protect your business from risk
Managing IT risk with practical steps
There are practical steps you can take to improve IT security within your business. These include:
Read more about cyber security and protecting your online business activity.
As a business owner there are legal and legislative requirements to be aware of when it comes to IT operations. These include:
Read more about meeting your legal obligations.
Consider how the policies, procedures and practical steps outlined here could help you prevent or reduce IT risks in your business. Use your business continuity planning template to record these policies and procedures in your Risk management plan in the Preventive actions and Contingency plans columns. Also consider what to do in the event of an IT incident and record this in these 2 sections:
It can be very difficult to avoid all IT incidents. Business insurance may provide another way to reduce risk. Find out more about business insurance.
Training your staff
Staff can be the first and last line of defence against IT threats so investing the time for initial and ongoing training is a good preventative measure to avoid risks occurring. Consider:
Use these free staff training resources from the Australian Cyber Security Centre.
IT incidents may be the result of a wider crisis, such as an explosion, bushfire, or flood. In any emergency situation, the safety of staff and members of the public is your first priority. An IT incident response plan should support any emergency response plan you have developed. If an IT incident or crisis occurs, having a recovery plan in place will assist in reducing the business's recovery time and help to minimise losses. A plan could include:
Read more about developing a recovery plan.